Difference between revisions of "Determining OS version from an evidence image"

(New page: One of the first steps an examiner will need to carry out once they have an evidence image is log system metadata, including OS version and patch level. This may be of particular importanc...)

Revision as of 08:30, 31 July 2007

One of the first steps an examiner will need to carry out once they have an evidence image is log system metadata, including OS version and patch level. This may be of particular importance if the image in question is from a machine that is suspected of having been compromised.